CYB 207 Wk 1 Discussion

Post a total of 3 substantive responses over 2 separate days for full participation. This includes your initial post and 2 replies to classmates or your faculty member.

Read Faculty Note below, and review the Discussion Grading Rubric each week.

Option 1

Due Thursday 

The National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) 27000 series are considered the two best-practice references for implementing security risk management frameworks. They have some commonalities, along with some differences.

As described in this week’s reading from the NIST and the ISO 27000 series publications, describe two areas within each security risk management framework for NIST and ISO 27000. Compare and contrast how each relates to the other.

Due Monday

Post 2 replies to classmates or your faculty member. Be constructive and professional.

Option 2

Due Thursday

The first major step in any risk management framework is to categorize information systems. An information security professional must understand the sensitivity of the data an information system processes and stores before categorizing an information system. It is important for the information security professional to understand the sensitivity (Low, Medium, High) of the organization’s data elements to ensure the protection of the confidentiality, integrity, and availability of the data.

For example, data categories that apply to a hospital environment include patient health information (PHI), personal identification information (PII), and payment card industry (PCI) data, to name a few. Each data category is made up of data elements; patient name, surgical procedure, and prescription information, for instance, are among the elements that make up the PHI data category.

List at least 2 data categories and at least three data elements within each category for a typical financial institution (e.g., bank, savings and loan, etc.).

Use this week’s reading “Minimum Security Requirements for Federal Information and Information Systems” as a guide to map each element to a sensitivity level (Low, Medium, High) for Confidentiality, Integrity, and Availability.

Explain why this identification is important for the risk management framework.

Due Monday

Post 2 replies to classmates or your faculty member. Be constructive and professional.